[ https://issues.apache.org/jira/browse/HDFS-5688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910202#comment-13910202 ]
Juan Carlos Fernandez commented on HDFS-5688: --------------------------------------------- I can't access to any http/https url because it fails on start time, I attached xml files on the issue. > Wire-encription in QJM > ---------------------- > > Key: HDFS-5688 > URL: https://issues.apache.org/jira/browse/HDFS-5688 > Project: Hadoop HDFS > Issue Type: Bug > Components: ha, journal-node, security > Affects Versions: 2.2.0 > Reporter: Juan Carlos Fernandez > Priority: Blocker > Labels: security > Attachments: core-site.xml, hdfs-site.xml, jaas.conf, ssl-client.xml, > ssl-server.xml > > > When HA is implemented with QJM and using kerberos, it's not possible to set > wire-encrypted data. > If it's set property hadoop.rpc.protection to something different to > authentication it doesn't work propertly, getting the error: > ERROR security.UserGroupInformation: PriviledgedActionException > as:principal@REALM (auth:KERBEROS) cause:javax.security.sasl.SaslException: > No common protection layer between client and server > With NFS as shared storage everything works like a charm -- This message was sent by Atlassian JIRA (v6.1.5#6160)